CVE-2008-2238 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Affected Products (NVD)

Vendor	Product	Version
openoffice	openoffice.org	𝑥 ≤ 2.4.1
openoffice	openoffice.org	2.0
openoffice	openoffice.org	2.0.2
openoffice	openoffice.org	2.0.3
openoffice	openoffice.org	2.0.4
openoffice	openoffice.org	2.1
openoffice	openoffice.org	2.2
openoffice	openoffice.org	2.2.1
openoffice	openoffice.org	2.3
openoffice	openoffice.org	2.3.1
openoffice	openoffice.org	2.4
openoffice	openoffice.org	2.4.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

openoffice.org

dapper	Fixed 2.0.2-2ubuntu12.7 released
feisty	ignored
gutsy	Fixed 1:2.3.0-1ubuntu5.5 released
hardy	Fixed 1:2.4.1-1ubuntu2.1 released
intrepid	Fixed 1:2.4.1-11ubuntu2.1 released

openoffice.org-amd64

dapper	Fixed 2.0.2-2ubuntu12.7-2 released
gutsy	dne
hardy	dne
intrepid	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes

http://secunia.com/advisories/32419

http://secunia.com/advisories/32461

http://secunia.com/advisories/32463

http://secunia.com/advisories/32489

http://secunia.com/advisories/32676

http://secunia.com/advisories/32856

http://secunia.com/advisories/32872

http://secunia.com/advisories/33140

http://security.gentoo.org/glsa/glsa-200812-13.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-243226-1

http://www.debian.org/security/2008/dsa-1661

http://www.openoffice.org/security/cves/CVE-2008-2238.html

http://www.redhat.com/support/errata/RHSA-2008-0939.html

http://www.securityfocus.com/bid/31962

http://www.securitytracker.com/id?1021121

http://www.ubuntu.com/usn/usn-677-1

http://www.ubuntu.com/usn/usn-677-2

http://www.vupen.com/english/advisories/2008/2947

http://www.vupen.com/english/advisories/2008/3103

http://www.vupen.com/english/advisories/2008/3153

https://exchange.xforce.ibmcloud.com/vulnerabilities/46166

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10849

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes

http://secunia.com/advisories/32419

http://secunia.com/advisories/32461

http://secunia.com/advisories/32463

http://secunia.com/advisories/32489

http://secunia.com/advisories/32676

http://secunia.com/advisories/32856

http://secunia.com/advisories/32872

http://secunia.com/advisories/33140

http://security.gentoo.org/glsa/glsa-200812-13.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-243226-1

http://www.debian.org/security/2008/dsa-1661

http://www.openoffice.org/security/cves/CVE-2008-2238.html

http://www.redhat.com/support/errata/RHSA-2008-0939.html

http://www.securityfocus.com/bid/31962

http://www.securitytracker.com/id?1021121

http://www.ubuntu.com/usn/usn-677-1

http://www.ubuntu.com/usn/usn-677-2

http://www.vupen.com/english/advisories/2008/2947

http://www.vupen.com/english/advisories/2008/3103

http://www.vupen.com/english/advisories/2008/3153

https://exchange.xforce.ibmcloud.com/vulnerabilities/46166

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10849

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html